doc/man/pam_sm_authenticate.3.xml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
                   "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
<refentry id='pam_sm_authenticate'>
  <refmeta>
    <refentrytitle>pam_sm_authenticate</refentrytitle>
    <manvolnum>3</manvolnum>
    <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
  </refmeta>

  <refnamediv id="pam_sm_authenticate-name">
    <refname>pam_sm_authenticate</refname>
    <refpurpose>PAM service function for user authentication</refpurpose>
  </refnamediv>

<!-- body begins here -->

  <refsynopsisdiv>
    <funcsynopsis id='pam_sm_authenticate-synopsis'>
      <funcsynopsisinfo>#define PAM_SM_AUTH</funcsynopsisinfo>
      <funcsynopsisinfo>#include &lt;security/pam_modules.h&gt;</funcsynopsisinfo>
      <funcprototype>
        <funcdef>PAM_EXTERN int <function>pam_sm_authenticate</function></funcdef>
        <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
        <paramdef>int <parameter>flags</parameter></paramdef>
        <paramdef>int <parameter>argc</parameter></paramdef>
        <paramdef>const char **<parameter>argv</parameter></paramdef>
      </funcprototype>
    </funcsynopsis>
  </refsynopsisdiv>


  <refsect1 id='pam_sm_authenticate-description'>
    <title>DESCRIPTION</title>
    <para>
      The <function>pam_sm_authenticate</function> function is the service
      module's implementation of the
      <citerefentry>
        <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry> interface.
    </para>
    <para>
      This function performs the task of authenticating the user.
    </para>
    <para>
       Valid flags, which may be logically OR'd with
       <emphasis>PAM_SILENT</emphasis>, are:
    </para>
    <variablelist>
      <varlistentry>
        <term>PAM_SILENT</term>
        <listitem>
           <para>
             Do not emit any messages.
          </para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term>PAM_DISALLOW_NULL_AUTHTOK</term>
        <listitem>
          <para>
            Return <emphasis remap='B'>PAM_AUTH_ERR</emphasis> if the
            database of authentication tokens for this authentication
            mechanism has a <emphasis>NULL</emphasis> entry for the user.
            Without this flag, such a <emphasis>NULL</emphasis> token
            will lead to a success without the user being prompted.
          </para>
        </listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id="pam_sm_authenticate-return_values">
    <title>RETURN VALUES</title>
    <variablelist>
      <varlistentry>
        <term>PAM_AUTH_ERR</term>
        <listitem>
          <para>
            Authentication failure.
          </para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term>PAM_CRED_INSUFFICIENT</term>
        <listitem>
          <para>
            For some reason the application does not have sufficient
            credentials to authenticate the user.
          </para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term>PAM_AUTHINFO_UNAVAIL</term>
        <listitem>
          <para>
            The modules were not able to access the authentication
            information. This might be due to a network or hardware
            failure etc.
          </para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term>PAM_SUCCESS</term>
        <listitem>
           <para>
             The authentication token was successfully updated.
          </para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term>PAM_USER_UNKNOWN</term>
        <listitem>
          <para>
            The supplied username is not known to the authentication
            service.
          </para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term>PAM_MAXTRIES</term>
        <listitem>
          <para>
            One or more of the authentication modules has reached its
            limit of tries authenticating the user. Do not try again.
          </para>
        </listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='pam_sm_authenticate-see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
        <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>,
      <citerefentry>
        <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>,
      <citerefentry>
        <refentrytitle>pam_sm_setcred</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>,
      <citerefentry>
        <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>,
      <citerefentry>
        <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>
    </para>
  </refsect1>
</refentry>